Sr Security Consultant - TSCSecureInfo

THIS JOB HAS EXPIRED

Job Description:
Provides Information Assurance support to various SecureInfo Federal and Commercial clients. Will be responsible for providing technical guidance for development, data security and system administrators. Ensures complete security measures for businesses. Must be willing to travel.
Essential Job Functions:

Vulnerability Assessments
Use tools such as Nessus to perform vulnerability scans across enterprise systems
Analyze Nessus results to identify vulnerabilities
Analyze vulnerabilities for false positives
Provide written/verbal reports on vulnerabilities
Penetration Testing
Determine the feasibility of a particular set of attack vectors
Identify/exploit higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
Identify/exploit vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
Use tools such as Kali (BackTrack), Metasploit, Burp Suite, IBM AppScan and other related penetration testing tools.
Use Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
Social Engineering
Electronic - Develop, test and roll out approved phishing schemes
Physical - Impersonating to gain access to client's facility or information assets
Telephonic - Call clients impersonating an employee to obtain passwords to systems from individuals
Risk Assessments
Provide strategic information security advisory and consulting services for enterprise clients
Conduct interviews with client IT departments to assess IT security practices and procedures and provide recommendations on closing gaps
Perform certification and accreditation (C&A) assessments in support of DIACAP and FedRAMP frameworks
Incident Response
Provide comprehensive computer forensic investigations: Acquire, collect, document, and preserve evidence from various forms of electronic media and equipment
Provide education to existing staff on the emerging trends of security operations methodology, information security concepts, security analysis and monitoring, incident response methodologies, and investigative tools and techniques
Assist customers with the architecture and design of security controls, security monitoring and analysis technologies/processes, and cyber-response technologies/processes
Manage issues resulting from investigations; work collaboratively with customer and business leads to follow up according to security incident management procedures and processes
Code Reviews
Review software code against secure coding best practices; requires familiarity with Java, C#, C/C++, PHP, ASP, and VB, as well as the ability to code in these languages

Experience and Skills:
In-depth knowledge and understanding at the protocol level of TCP/IP
Must demonstrate excellent time management skills and be capable of working independently and as part of a dynamic team
In-depth understanding of traditional programming languages and shell scripting (e.g. Ruby, Python, Java, C#, C/C++, PHP)
Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards (i.e., PCI, ISO27001/2, FISMA, HIPAA, CIPA, COPPA, SOX404)
Understand complex business and information technology management processes
Demonstrate a general knowledge of market trends, competitor activities, customer products and service lines
Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
Identify opportunities to improve engagement profitability
Participate in and actively support mentoring relationships within practice
Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
Build and nurture positive working relationships with clients with the intention to exceed client expectations
Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
Ability to maintain sensitive and confidential information as required by government standards
Ability to interact effectively with peers and supervisors
Ability to interact appropriately with the public when necessary
Ability to adhere to workplace rules
Education and Experience: